[389-users] Not allowed to change password once it has expired
Gerrard Geldenhuis
Gerrard.Geldenhuis at betfair.com
Mon Sep 27 16:26:20 UTC 2010
Hi
I am in the midsts of debugging this but am hoping anyone can shed some light on the issue or point me in the right direction.
A certain combination of changes to the global password policy seems to break the abbility to change a user's password.
user1 at client01.example's password:
You are required to change your LDAP password immediately.
Last login: Mon Sep 27 16:06:18 2010 from 10.5.11.115
Connection to client01.example closed.
When it works it looks like:
ssh client01 -l user1
user1 at client01's password:
You are required to change your LDAP password immediately.
Creating directory '/home/user1'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user1
Enter login(LDAP) password:
Connection to client01 closed.
Settings that we have toggled in the global password policy is:
Enable fine-grained password policy
User must change password after reset
Allow changes in x days
We don't change anything on the client so I am 99% sure its not a a pam misconfiguration.
Best Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
More information about the 389-users
mailing list